From af39a670ca00949536be1b3d615d2ec0392d63f3 Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Tue, 12 Jun 2018 07:51:40 +0000 Subject: Follow up to r1833359: apr_crypto_prng_after_fork() can now use a PID. git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1833382 13f79535-47bb-0310-9956-ffa450edef68 --- crypto/apr_crypto_prng.c | 27 +++++++++++++++++++++++++-- 1 file changed, 25 insertions(+), 2 deletions(-) (limited to 'crypto') diff --git a/crypto/apr_crypto_prng.c b/crypto/apr_crypto_prng.c index 12f581a26..b136212c3 100644 --- a/crypto/apr_crypto_prng.c +++ b/crypto/apr_crypto_prng.c @@ -47,6 +47,7 @@ #if APU_HAVE_OPENSSL #include +#include #include /* for NID_* */ #if !defined(NID_chacha20) && !defined(NID_aes_256_ctr) @@ -104,6 +105,17 @@ apr_status_t cprng_stream_ctx_mix(cprng_stream_ctx_t **pctx, return APR_SUCCESS; } +static apr_status_t cprng_hash_to_seed(pid_t pid, unsigned char seed[]) +{ + SHA256_CTX ctx; + + SHA256_Init(&ctx); + SHA256_Update(&ctx, &pid, sizeof(pid)); + SHA256_Final(seed, &ctx); + + return APR_SUCCESS; +} + #else /* APU_HAVE_OPENSSL */ /* XXX: APU_HAVE_CRYPTO_PRNG shoudn't be defined! */ @@ -178,13 +190,24 @@ APR_DECLARE(apr_status_t) apr_crypto_prng_term(void) return APR_SUCCESS; } -APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(void) +APR_DECLARE(apr_status_t) apr_crypto_prng_after_fork(apr_proc_t *proc) { + unsigned char seedb[APR_CRYPTO_PRNG_SEED_SIZE], *seed = NULL; + if (!cprng_global) { return APR_EINIT; } - return apr_crypto_prng_reseed(cprng_global, NULL); + if (proc) { + apr_status_t rv; + rv = cprng_hash_to_seed(proc->pid, seedb); + if (rv != APR_SUCCESS) { + return rv; + } + seed = seedb; + } + + return apr_crypto_prng_reseed(cprng_global, seed); } APR_DECLARE(apr_status_t) apr_crypto_random_bytes(void *buf, apr_size_t len) -- cgit v1.2.1
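Review bot: In `cprng_hash_to_seed()`, `SHA256_Final(seed, &ctx)` always writes SHA256_DIGEST_LENGTH bytes into an unsized `unsigned char seed[]`, while the only caller in this patch passes a buffer of `APR_CRYPTO_PRNG_SEED_SIZE`, whose value is not visible here. If the two ever differ, the result is either a stack overwrite or a partly uninitialized seed handed to the reseed. A guard next to the helper, such as `#if APR_CRYPTO_PRNG_SEED_SIZE != SHA256_DIGEST_LENGTH` followed by `#error`, would pin that assumption at compile time. The three SHA256_* calls return 0 on failure but their results are dropped, so the helper can only return APR_SUCCESS and the caller's `rv` check never fires. Something like `if (!SHA256_Init(&ctx) || !SHA256_Update(&ctx, &pid, sizeof(pid)) || !SHA256_Final(seed, &ctx)) return APR_EGENERAL;` would make the status meaningful.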
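Review bot: When `proc` is non-NULL, `apr_crypto_prng_after_fork()` reseeds from a hash of `proc->pid` alone, which is a small, guessable value and contributes no entropy. Whether that is safe depends on how `apr_crypto_prng_reseed()` combines a caller-supplied seed with the existing key, and that code is outside this hunk. If the seed is mixed into the current state, the two processes' streams diverge; if it replaces the state, the post-fork output would be derivable from the PID. The new parameter has no documentation here, so I would add a comment stating the contract, for example `/* proc->pid only makes the parent and child streams differ; it is not an entropy source. NULL keeps the previous reseed behaviour. */`. It should also say which process is expected to call this and with which PID.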